Protecting against downloads

Michael GALLOP mikey at quiche.cs.mcgill.ca
Thu Sep 13 14:08:58 AEST 1990


In article <iPZeP1w163w at halcyon.wa.com> ralphs at halcyon.wa.com (Ralph Sims) writes:
>heiser at sud509.ed.ray.com (Bill Heiser - Unix Sys Admin) writes:
>
>> A *ix sysop I communicate with recently told me that he'd caught one of
>> his "shell-access" users downloading *ix binaries.  Since I'm getting
Fat lot of good that would do joe user.
Remember, first off that this is not the DOS world. Those binaries aren't
portable. What runs on a SUN has trouble running on other SUNs. So I
don't think the kid who downloads /usr/bin is going to have
much use for them. Now if it is an i386 UNIX maybe they might be useful


>> As far as I can see, we either have to trust the users that we give
>> shell access to, or make kermit/sz, etc unavailable to them.  I guess
>> we could just make downloads only available thru the "bbs", rather than
>> from the shell ...
>
>How 'bout privileges on the files?  If the user didn't have read permission,
>then he wouldn't have got them (maybe?  I don't speak unix, but I'm sure
>someone will follow through on this.
Exactly, what you can do is:
chmod 711 /usr/bin/* 
Which produces (I think :-)) rwx--x--x on every file in /usr/bin


>> Anyone else have any ideas on this?  How do you all deal with this?
Further, any file they may download is useless (see above :-)) But also
the files they need to export them to another system, are, by default
locked. I.e. /usr/sys/conf on SYSV and /usr/Sun4/sys/conf/MachineName
on SunOS. Without those well...

While I'm rambling, even if those directories are open, just about every
machine these days is sold with UNIX Manuals and support so....


I guess to deal with this, you could hack a copy of rsh, make sure
your users aren't root, and put a filter in when you compile sz:
have it get the current directory and then if it is in /usr or /lib or /etc
and not tmp then abort.....

-- 
| mikey at quiche.cs.mcgill.ca |  Mike Gallop     				   |
|"Stealing from one author is plagiarism....Stealing from many is research" |
I shall walk through the valley of Death and I shall fear no evil.......
..Except, perhaps, a sadistics assignment
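
The path filter suggested in the message above, as an added example that is not part of the original post or of sz. It goes beyond the current-directory test described there by classifying the resolved path of each file, so absolute names, ".." and symlinks are covered; the function names, the directory lists and the /usr/tmp exception are assumptions.

```c
#define _XOPEN_SOURCE 700 /* for realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed lists (not sz's own): trees to block, plus the "not tmp" exception. */
static const char *const protected_dirs[] = { "/usr", "/lib", "/etc", NULL };
static const char *const exempt_dirs[]    = { "/usr/tmp", NULL };

/* True if path equals dir or lies beneath it ("/usrlocal" is not "/usr"). */
static int is_under(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    return strncmp(path, dir, n) == 0 && (path[n] == '/' || path[n] == '\0');
}

/* Classify an already-canonical absolute path: 1 = protected, 0 = not. */
int path_is_protected(const char *resolved)
{
    for (size_t i = 0; exempt_dirs[i]; i++)
        if (is_under(resolved, exempt_dirs[i]))
            return 0;
    for (size_t i = 0; protected_dirs[i]; i++)
        if (is_under(resolved, protected_dirs[i]))
            return 1;
    return 0;
}

/* 1 = may be sent, 0 = refuse. realpath() collapses "..", relative names
 * and symlinks first; a path that cannot be resolved is refused. */
int download_allowed(const char *path)
{
    char resolved[PATH_MAX];
    if (realpath(path, resolved) == NULL)
        return 0;
    return !path_is_protected(resolved);
}

int main(int argc, char **argv)
{
    int refused = 0;
    for (int i = 1; i < argc; i++) {
        int ok = download_allowed(argv[i]);
        printf("%-6s %s\n", ok ? "allow" : "refuse", argv[i]);
        refused |= !ok;
    }
    return refused;
}
```

A check like this only binds users who cannot bring their own transfer program, so it complements the chmod 711 permissions rather than replacing them.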


